need recommendations on setting up vlans

Netbug

hi,

I'm running merlin latest beta 382.2 for RT-AC68U. I know merlin firmware and asus firmware don't have a web gui for making vlans, which brings me to my question.

I want to see how others have gone about setting up vlans. I want three vlans: one for my laptop/mobile and other devices that I trust, another vlan for guests and another vlan for IOT devices. I basically want to isolate my network, however I want my mobile to be able to communicate with all vlans as many devices now come with apps to control products via mobile apps.

I was thinking of buying a layer 3 switch, plugging it into my router, then plugging an access point into the switch, setting up multiple ssids and assigning vlans to the different ssids. I've never done this before so don't know if there's a cleaner/easier/cheaper solution? I know about guest network but it's too limited. Reason I mention access point is because everything I have is connected via wifi not ethernet.

I'm not an expert but do run ab-solution, skynet, openvpn etc so looking for different advice. I've been researching a lot online, some go all out and buy 3 routers which I think is overkill. I would prefer to not have to buy a switch and access point but will if it's a good solution. Any recommendations or advice much appreciated.

My current setup is simple:

phone socket > draytek modem > router, everything connects via wifi not ethernet.

Thank you.
 
As everything is connected wirelessly, could you put your IoT stuff on a guest network with blocked intranet access, your true guest network on a different one but also with blocked intranet access, and the trusted devices on a standard wireless network?

However, you did say “ i want my mobile to be able to communicate with all vlans as many devices now comes with apps to control products via mobile apps.”. I don’t know, though: would your mobile be able to communicate with those IoT devices if they were on a dedicated guest network? Have you tried it?
 
As everything is connected wirelessly, could you put your IoT stuff on a guest network with blocked intranet access, your true guest network on a different one but also with blocked intranet access, and the trusted devices on a standard wireless network?

However, you did say “ i want my mobile to be able to communicate with all vlans as many devices now comes with apps to control products via mobile apps.”. I don’t know, though: would your mobile be able to communicate with those IoT devices if they were on a dedicated guest network? Have you tried it?

Yeah, guest network is too limited, no good. It's why I'm asking, as I've been researching and vlans seem to be the way to go with so many IOT devices now with poor security. Also vlans can communicate with each other if you want them to; in my case I don't, except for mobile device. This is why I thought about a switch and access point that can broadcast multiple ssids and assign the ssids to the vlans created on the switch. I've not bought anything yet as I want to see what others have done with vlans, as I've not done it before.

Thank you
 
bump, anyone? thank you.
 

Thanks, have taken a look, seems confusing. Reason I mention a wireless access point which can broadcast multiple ssids is because everything in my home is connected via wifi so won't need to use the actual ports on the switch. The switch and access point will sit right next to my router. If there was a way to assign the ssids from the asus router to a vlan capable switch that could remove buying an access point, but don't think that's possible?

cheers.
 
If there was a way to assign the ssids from the asus router to a vlan capable switch that could remove buying an access point, but don't think that's possible?

Not in my experience i.e. the individual SSIDs on the Asus router cannot natively be assigned their own discrete VLAN tag via the firmware, but the Ubiquiti AP does natively support the feature.

EDIT: Clarification that FULL VLAN support will need to be implemented by Asus.
End of year 2017 development update
 
Not in my experience i.e. the individual SSIDs on the Asus router cannot be assigned their own discrete VLAN tag but the Ubiquiti AP does support the feature.

ok thanks, seems like unless I go with tomato shibby, which I don't as I love asuswrt-merlin like no other lol, I will have to buy a switch and access point and just turn off the wireless on the router, as I wouldn't need it on if I get an access point and connect to a vlan layer 3 capable switch. Wasn't sure if this will work but I can't see any reason it wouldn't. cheers.
 
Not in my experience i.e. the individual SSIDs on the Asus router cannot be assigned their own discrete VLAN tag but the Ubiquiti AP does support the feature.
Please don't tell my AC68R in AP mode that has VLANs set for each wireless interface :)
 
Please don't tell my AC68R in AP mode that has VLANs set for each wireless interface :)

I assume you mean your ac68r is connected to a switch? What's your setup? cheers.
 
I assume you mean your ac68r is connected to a switch? What's your setup? cheers.
Actually, right now I'm not using a switch for the AP although you could use one without any problem.
All the AP VLANs are tagged to the WAN port, which is then connected to a port on my pfsense box (one of 4 physical ports). The pfsense port is a bridged port of all the VLANs, then I set the pfsense rules individually for each VLAN.
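
An added illustration (not from any poster in this thread, and not pfSense configuration) of the per-VLAN rule idea in the post above, applied to the policy asked for in the opening post: the trusted phone may open connections into the IoT and guest VLANs, and nothing else crosses between VLANs. The subnets, the phone address and the host-pair state table are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (not from the thread): one subnet per VLAN.
VLANS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "trusted": "192.168.10.0/24", "guest": "192.168.20.0/24",
    "iot": "192.168.30.0/24"}.items()}
PHONE = ipaddress.ip_network("192.168.10.50/32")   # hypothetical trusted mobile
LOCAL = ipaddress.ip_network("192.168.0.0/16")     # covers every VLAN above
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rules for NEW connections; first match wins, like a firewall rule list.
RULES = [
    ("allow", PHONE, VLANS["iot"]),    # phone may open connections to IoT
    ("allow", PHONE, VLANS["guest"]),  # ...and to guest devices
    ("drop",  ANY,   LOCAL),           # no other traffic between VLANs
    ("allow", LOCAL, ANY),             # every VLAN may reach the internet
]

def vlan_of(addr):  # VLAN name for an address, or None if it is external
    return next((n for n, net in VLANS.items() if addr in net), None)

class Firewall:
    """Stateful first-match filter. State is tracked per host pair here;
    a real firewall tracks protocol and ports as well."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # (initiator, responder) pairs that were allowed
    def packet(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        vlan = vlan_of(src)
        if vlan is not None and vlan == vlan_of(dst):
            return "allow"   # same VLAN: switched locally, never routed
        if (src, dst) in self.flows or (dst, src) in self.flows:
            return "allow"   # part of a connection that was already permitted
        for action, src_net, dst_net in self.rules:
            if src in src_net and dst in dst_net:
                if action == "allow":
                    self.flows.add((src, dst))
                return action
        return "drop"        # default deny

def demo():
    fw = Firewall(RULES)
    steps = [("192.168.30.5", "192.168.10.50"),  # IoT opens to phone
             ("192.168.10.50", "192.168.30.5"),  # phone opens to IoT
             ("192.168.30.5", "192.168.10.50"),  # IoT replies to phone
             ("192.168.30.5", "192.168.10.60"),  # IoT opens to laptop
             ("192.168.20.7", "203.0.113.10")]   # guest to internet
    return [fw.packet(s, d) for s, d in steps]
```

The third step is allowed only because the phone opened the flow first, which is what lets a control app work without giving IoT devices a way to start connections into the trusted VLAN.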
 
Actually, right now I'm not using a switch for the AP although you could use one without any problem.
All the AP VLANs are tagged to the WAN port, which is then connected to a port on my pfsense box (one of 4 physical ports). The pfsense port is a bridged port of all the VLANs, then I set the pfsense rules individually for each VLAN.

ah I see, pfsense too complicated I think for me. I run vms so could set it up in a vm, but I did that about 2 years ago and it looked complicated to setup. I set it up in a vm all fine but it's all the settings, mind boggling lol. I don't really need a switch as I won't be using the actual ports, but would plug an access point into it and create virtual lans on the switch using the ssids from the AP. I don't mind buying the equipment, I just wanted to see if there is a cleaner solution that doesn't require switches/AP. Cheers.
 
ah I see, pfsense too complicated I think for me
There is definitely a learning curve for pfsense as compared to the 'consumer' routers....it took me a couple weeks of playing with all the pfsense options to get a grip on what was possible. It actually made me appreciate all the work that is done 'behind the scenes' so to speak on the consumer solutions, even if it's a bit limited on what you can configure.

That being said, once you start to see the big picture of what pfsense can do it does really expand what you can set up.
 
There is definitely a learning curve for pfsense as compared to the 'consumer' routers....it took me a couple weeks of playing with all the pfsense options to get a grip on what was possible. It actually made me appreciate all the work that is done 'behind the scenes' so to speak on the consumer solutions, even if it's a bit limited on what you can configure.

That being said, once you start to see the big picture of what pfsense can do it does really expand what you can set up.

ok cool, what do people use to run pfsense, hardware wise? Probably won't go this option right now as I would have a lot to learn, but may buy some hardware just to play about with pfsense and to learn more.
 
Actually, right now I'm not using a switch for the AP although you could use one without any problem.
All the AP VLANs are tagged to the WAN port, which is then connected to a port on my pfsense box (one of 4 physical ports). The pfsense port is a bridged port of all the VLANs, then I set the pfsense rules individually for each VLAN.

Hi,
Would you please post details of your setup/Merlin script?

I am a rookie trying to set up multiple VPNs (two or more) + 1 guest to go through the three guest networks (VWAP) and non-VPN traffic to go through regular non-guest (WAP).

My setup is Cable modem - pfsense router - Managed Switch (non POE cisco) - Asus RT-68

Unifi is not immediately an option as I do not have this and plan to upgrade in the future after finding someone to replace all the in-wall phone cabling with CAT cable.

I have trawled the forum and either do not understand or cannot find the solution.

Thanks!
 
